{% block content %} {% load static %} MobSF Static Analysis Report {% if host_os == 'windows' %} {% else %} {% endif %}
IOS STATIC ANALYSIS REPORT




{{ app_name }} {% if app_version %} ({{app_version}}) {% endif %}






{% if virus_total and virus_total.items|length > 9 and 'request successfully queued' not in virus_total.verbose_msg %} {% endif %}

File Name:

{{file_name}}

Identifier:

{{ bundle_id }}

Average CVSS Score:

{% if average_cvss > 6 %} {{ average_cvss }} {% elif average_cvss == 0 %} {{ average_cvss }} {% elif average_cvss >= 4 %} {{ average_cvss }} {% elif average_cvss < 4 %} {{ average_cvss }} {% endif %}

App Security Score:

{% if security_score < 16 %} {{ security_score }}/100 (CRITICAL RISK) {% elif security_score < 41 %} {{ security_score }}/100 (HIGH RISK) {% elif security_score < 71 %} {{ security_score }}/100 (MEDIUM RISK) {% else %} {{ security_score }}/100 (LOW RISK) {% endif %}

VirusTotal Detection:

{{ virus_total.positives }}/{{ virus_total.total }}

Scan Date:

{{ timestamp }}















FILE INFORMATION

File Name:
{{ file_name }}
Size:
{{ size }}
MD5:
{{ md5 }}
SHA1:
{{ sha1 }}
SHA256:
{{ sha256 }}

APP INFORMATION

App Name:
{{ app_name }}
App Type:
{{ app_type }}
Identifier:
{{ bundle_id }}
SDK Name:
{{ sdk_name }}
Version:
{{ app_version }}
Build:
{{ build }}
Platform Version:
{{ platform }}
Min OS Version:
{{ min_os_version }}
Supported Platforms:
{% for pl in bundle_supported_platforms %} {{pl}}, {% endfor %}
{% if binary_analysis %}

BINARY INFORMATION

Arch:
{{ binary_info.arch }}
Sub Arch:
{{ binary_info.subarch }}
Bit:
{{ binary_info.bit }}
Endian:
{{ binary_info.endian }}
{% endif %} {% if bundle_url_types|length > 0 %}

CUSTOM URL SCHEMES

URL NAME | SCHEMES
{% for scheme in bundle_url_types %}
{{scheme | key:"CFBundleURLName" }} {% if scheme|key:"CFBundleTypeRole" %} {{scheme | key:"CFBundleTypeRole" }} {% endif %} |
{% if scheme|key:"CFBundleURLSchemes" %} {% for ul in scheme.CFBundleURLSchemes %} {{ul}}
{% endfor %} {% endif %}
{% endfor %}
{% endif %} {% if permissions %}

APPLICATION PERMISSIONS

PERMISSIONS | STATUS | DESCRIPTION | REASON IN MANIFEST
{% for perm in permissions %}
{{ perm.name }} | {{ perm.status }} | {{ perm.description }} | {{ perm.reason }}
{% endfor %}
{% endif %} {% if ats_analysis %}

APP TRANSPORT SECURITY (ATS)

NO | ISSUE | STATUS | DESCRIPTION
{% if ats_analysis|length > 0 %} {% for findings in ats_analysis %}
{{ forloop.counter }} | {{findings.issue}} | {% if findings.status == "insecure" %} {{findings.status}} {% elif findings.status == "secure" %} {{findings.status}} {% elif findings.status == "warning" %} {{findings.status}} {% elif findings.status == "info" %} {{findings.status}} {% endif %} | {{findings.description}}
{% endfor %} {% else %}
 | No ATS exceptions found. | secure | No insecure connections configured. App Transport Security (ATS) is enabled.
{% endif %}
{% endif %} {% if virus_total and virus_total.items|length > 9 and 'request successfully queued' not in virus_total.verbose_msg %}

VIRUSTOTAL SCAN

{{ virus_total.positives }} / {{ virus_total.total }}
  AVs found this file Malicious!

{% if virus_total.positives %}
AV | DETECTION
{% for av_name,av_result in virus_total.scans.items %} {% if av_result.detected == True %}
{{ av_name }} | {{ av_result.result }}
{% endif %} {% endfor %}
{% endif %} {% endif %} {% if binary_analysis %}

IPA BINARY CODE ANALYSIS

NO | ISSUE | SEVERITY | STANDARDS | DESCRIPTION
{% for issue, details in binary_analysis.items %}
{{ forloop.counter }} | {{ issue }} | {% if details|key:"severity" == 'info' %} info {% elif details|key:"severity" == 'good' %} secure {% elif details|key:"severity" == 'high' %} high {% elif details|key:"severity" == 'warning' %} warning {% endif %} |
CVSS V2: {% if details|key:"cvss" > 6 %} {{ details|key:"cvss" }} (high) {% elif details|key:"cvss" == 0 %} {{ details|key:"cvss" }} (info) {% elif details|key:"cvss" >= 4 %} {{ details|key:"cvss" }} (medium) {% elif details|key:"cvss" < 4 %} {{ details|key:"cvss" }} (low) {% endif %}
{% if details|key:"cwe" %} CWE: {{ details|key:"cwe" }}{% endif %}
{% if details|key:"owasp-mobile" %} OWASP Top 10: {{ details|key:"owasp-mobile" }}{% endif %}
{% if details|key:"masvs" %} OWASP MASVS: {{ details|key:"masvs" }}{% endif %} |
{{ details|key:"detailed_desc" }}
{% endfor %}
{% endif %} {% if macho_analysis %}

IPA BINARY ANALYSIS

{% if not macho_analysis %} Binary Analysis Failed. {% else %}
PROTECTION | STATUS | SEVERITY | DESCRIPTION
NX | {{macho_analysis.nx.has_nx}} | {{macho_analysis.nx.severity}} | {{macho_analysis.nx.description}}
PIE | {{macho_analysis.pie.has_pie}} | {{macho_analysis.pie.severity}} | {{macho_analysis.pie.description}}
STACK CANARY | {{macho_analysis.stack_canary.has_canary}} | {{macho_analysis.stack_canary.severity}} | {{macho_analysis.stack_canary.description}}
ARC | {{macho_analysis.arc.has_arc}} | {{macho_analysis.arc.severity}} | {{macho_analysis.arc.description}}
RPATH | {{macho_analysis.rpath.has_rpath}} | {{macho_analysis.rpath.severity}} | {{macho_analysis.rpath.description}}
CODE SIGNATURE | {{macho_analysis.code_signature.has_code_signature}} | {{macho_analysis.code_signature.severity}} | {{macho_analysis.code_signature.description}}
ENCRYPTED | {{macho_analysis.encrypted.is_encrypted}} | {{macho_analysis.encrypted.severity}} | {{macho_analysis.encrypted.description}}
SYMBOLS STRIPPED | {{macho_analysis.symbol.is_stripped}} | {{macho_analysis.symbol.severity}} | {{macho_analysis.symbol.description}}
{% endif %}
{% endif %} {% if code_analysis %}

CODE ANALYSIS

NO | ISSUE | SEVERITY | STANDARDS | FILES
{% for rule, details in code_analysis.items %}
{{ forloop.counter }} | {% if details.metadata|key:"ref" %} {{ details.metadata.description }} {% else %} {{ details.metadata.description }} {% endif %} | {% if details.metadata.severity == "high" %} high {% elif details.metadata.severity == "good" %} secure {% elif details.metadata.severity == "warning" %} warning {% elif details.metadata.severity == "info" %} info {% endif %} |
CVSS V2: {% if details.metadata.cvss > 6 %} {{ details.metadata.cvss }} (high) {% elif details.metadata.cvss == 0 %} {{ details.metadata.cvss }} (info) {% elif details.metadata.cvss >= 4 %} {{ details.metadata.cvss }} (medium) {% elif details.metadata.cvss < 4 %} {{ details.metadata.cvss }} (low) {% endif %}
{% if details.metadata.cwe %} CWE: {{ details.metadata.cwe }}{% endif %}
{% if details.metadata|key:"owasp-mobile" %} OWASP Top 10: {{ details.metadata|key:"owasp-mobile" }}{% endif %}
{% if details.metadata.masvs %} OWASP MASVS: {{ details.metadata.masvs }}{% endif %} |
{% for file_path in details.files %} {{ file_path }}
{% endfor %}
{% endfor %}
{% endif %} {% if domains %}

DOMAIN MALWARE CHECK

DOMAIN | STATUS | GEOLOCATION
{% for domain, details in domains.items %}
{{domain}} |
{% if details|key:"bad" == "yes" %} malware
URL: {{details|key:"domain_or_url"}}
IP: {{details|key:"ip"}}
Description: {{details|key:"desc"}}
{% else %} good {% endif %} |
{% if details|key:"geolocation" %}
IP: {{details|key:"geolocation"|key:"ip"}}
Country: {{details|key:"geolocation"|key:"country_long"}}
Region: {{details|key:"geolocation"|key:"region"}}
City: {{details|key:"geolocation"|key:"city"}}
Latitude: {{details|key:"geolocation"|key:"latitude"}}
Longitude: {{details|key:"geolocation"|key:"longitude"}}
View: Google Map
{% else %} No Geolocation information available. {% endif %}
{% endfor %}
{% endif %} {% if urls %}

URLS

URL | FILE
{% for urldict in urls %}
{% for u in urldict|key:"urls" %} {{ u }}
{% endfor %} | {{urldict|key:"path"}}
{% endfor %}
{% endif %} {% if firebase_urls %}

FIREBASE DATABASES

FIREBASE URL | DETAILS
{% for item in firebase_urls %}
{{ item.url }} | {% if item.open %} insecure
Firebase DB is exposed publicly. {% else %} info
App talks to a Firebase Database. {% endif %}
{% endfor %}
{% endif %} {% if emails %}

EMAILS

EMAIL | FILE
{% for email_dict in emails %}
{% for em in email_dict|key:"emails" %} {{ em }}
{% endfor %} | {{email_dict|key:"path"}}
{% endfor %}
{% endif %} {% if not appstore_details.error %}

APP STORE INFORMATION

Title:
{{ appstore_details.title }}

Score:
{{ appstore_details.score}}
Features:
{% for fea in appstore_details.features %} {{ fea }}, {% endfor %}
Price:
{{ appstore_details.price }}
Category:
{% for cat in appstore_details.category %} {{ cat }}, {% endfor %}
App Store URL:
{{ appstore_details.app_id }}

Developer:
{{appstore_details.developer}}
Developer ID:
{{appstore_details.developer_id}}
Developer Website:
{{appstore_details.developer_website }}
Developer URL:
{{appstore_details.developer_url}}
Supported Devices:
{% for dev in appstore_details.supported_devices %} {{ dev }}, {% endfor %}

Description:

{{ appstore_details.description }}

{% endif %}

App Security Score Calculation

Every app starts with an ideal score of 100.
For every finding with severity high, 15 is deducted from the score.
For every finding with severity warning, 10 is deducted from the score.
For every finding with severity good, 5 is added to the score.
If the calculated score is greater than 100, the app security score is set to 100.
If the calculated score is less than 0, the app security score is set to 10.

Risk Calculation

APP SECURITY SCORE | RISK
0 - 15 | CRITICAL
16 - 40 | HIGH
41 - 70 | MEDIUM
71 - 100 | LOW



Report Generated by - MobSF {{ version }}

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

© {% now "Y" %} Mobile Security Framework - MobSF | Ajin Abraham | OpenSecurity.

{% endblock %}